You're reading from Metasploit 5.0 for Beginners Perform penetration testing to secure your IT environment against threats and vulnerabilities

Product type Paperback

Published in Apr 2020

Publisher

ISBN-13 9781838982669

Length 246 pages

Edition 2nd Edition

Tools

Metasploit

Concepts

Penetration Testing

Author (1):

Sagar Rahalkar

View More author details

Table of Contents (15) Chapters

Preface

1. Section 1: Introduction and Environment Setup

2. Chapter 1: Introduction to Metasploit and Supporting Tools FREE CHAPTER

3. Chapter 2: Setting Up Your Environment

4. Chapter 3: Metasploit Components and Environment Configuration

5. Section 2: Practical Metasploit

6. Chapter 4: Information Gathering with Metasploit

7. Chapter 5: Vulnerability Hunting with Metasploit

8. Chapter 6: Client-Side Attacks with Metasploit

9. Chapter 7: Web Application Scanning with Metasploit

10. Chapter 8: Antivirus Evasion and Anti-Forensics

11. Chapter 9: Cyber Attack Management with Armitage

12. Chapter 10: Extending Metasploit and Exploit Development

13. Chapter 11: Case Studies

14. Other Books You May Enjoy

Leave a review - let other readers know what you think

Understanding the need for client-side attacks

In the previous chapter, we used the MS08_067net api vulnerability in our target system to gain complete administrator-level access to the system. We configured the value of the RHOST variable as the IP address of our target system. Now, the exploit was successful only because the attacker's system and the target system were both on the same network (the IP address of the attacker's system was 192.168.44.134 and the IP address of the target system was 192.168.44.129).

This scenario was pretty straightforward, as shown here:

Figure 6.1 – Attack Scenario

Now consider the scenario shown in the following figure. The IP address of the attacker's system is a public address, and he is trying to exploit a vulnerability on a system that is not in the same network. Note that the target system, in this case, has a private IP address (10.11.1.56) and is NATed behind an internet router (88.43.21.9x...